The testsuite for both the Hot Rod client and the server include pre-built keystores. This causes a number of issues:

• they only work with Oracle/OpenJDK and break with IBM JDK
• there is very little information about how they were produced
• they have built-in expirations which are causing failures

By using the maven keytool plugin we can generate the certificates during the test phase. Pros:

• uses the keytool packaged with the JDK which is being used by the build
• "documents" the process for generating the certificates and avoids storing binary blobs in version control